From 6362c51d11ef27335875469e0ff06347357f46b1 Mon Sep 17 00:00:00 2001
From: Kartik Agaram
Date: Sat, 11 May 2019 19:11:13 -0700
Subject: 5155 - check for overflow in mmap segments
---
 subx/012elf.cc | 8 +++++++-
 subx/020syscalls.cc | 5 +++++
 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'subx')
diff --git a/subx/012elf.cc b/subx/012elf.cc
index a77c6056..2fea60db 100644
--- a/subx/012elf.cc
+++ b/subx/012elf.cc
@@ -90,7 +90,13 @@ void load_elf_contents(uint8_t* elf_contents, size_t size, int argc, char* argv[
 void push(uint32_t val) {
 Reg[ESP].u -= 4;
- assert(Reg[ESP].u >= STACK_SEGMENT);
+ if (Reg[ESP].u < STACK_SEGMENT) {
+ raise << "The stack overflowed its segment. "
+ << "Maybe SPACE_FOR_SEGMENT should be larger? "
+ << "Or you need to carve out an exception for the stack segment "
+ << "to be larger.\n" << end();
+ exit(1);
+ }
 trace(Callstack_depth+1, "run") << "decrementing ESP to 0x" << HEXWORD << Reg[ESP].u << end();
 trace(Callstack_depth+1, "run") << "pushing value 0x" << HEXWORD << val << end();
 write_mem_u32(Reg[ESP].u, val);
diff --git a/subx/020syscalls.cc b/subx/020syscalls.cc
index 6b9faa2c..444c9fd5 100644
--- a/subx/020syscalls.cc
+++ b/subx/020syscalls.cc
@@ -122,5 +122,10 @@ uint32_t new_segment(uint32_t length) {
 uint32_t result = Next_segment;
 Mem.push_back(vma(Next_segment, Next_segment+length));
 Next_segment -= SPACE_FOR_SEGMENT;
+ if (Next_segment <= DATA_SEGMENT) {
+ raise << "Allocated too many segments; the VM ran out of memory. "
+ << "Maybe SPACE_FOR_SEGMENT can be smaller?\n" << end();
+ exit(1);
+ }
 return result;
 }
-- cgit 1.4.1-2-gfad0
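Review bot: In push() (subx/012elf.cc) the new check bounds ESP only from below, and it runs after `Reg[ESP].u -= 4` has already been applied to an unsigned register. If the emulated program has set ESP below 4, the subtraction wraps to a value near 0xffffffff, which passes `Reg[ESP].u < STACK_SEGMENT` and reaches write_mem_u32; whether that write is rejected depends on bounds checks that are not visible in this hunk. Testing before the subtraction, e.g. `if (Reg[ESP].u < STACK_SEGMENT + 4)`, would cover the wrap as well as the ordinary overflow. push's body ends outside the hunk.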
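Review bot: In new_segment() (subx/020syscalls.cc) `length` is still never compared with SPACE_FOR_SEGMENT, so `vma(Next_segment, Next_segment+length)` can extend past its slot into the address range above it, or wrap around 32 bits. The added check limits only how many segments can exist, and it runs after the push_back. Unless the caller already bounds length (not visible in this hunk), a guard ahead of the push_back such as `if (length > SPACE_FOR_SEGMENT) { raise << "Requested segment is larger than SPACE_FOR_SEGMENT\n" << end(); exit(1); }` would close that gap.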